Subject: seeking advice on encrypting file systems
To: None <netbsd-users@NetBSD.org>
From: VaX#n8 <vax@carolina.rr.com>
List: netbsd-users
Date: 02/04/2004 22:13:06
Hi, here's a quick review of the state of the art in encrypted file systems:

1) CFS - a decade old, won't work with new rpcgen.  Can be coaxed into
compilation, but requires several make commands with different args.
It's all user-level.  The code is functional but definitely not elegant.
Supports 3DES, but no modern ciphers.  Probably easier to re-write than
to turn into a nice system.

2) NCryptfs - kernel level stackable file system.  Compiles on FreeBSD, I'm
working on porting it to NetBSD.  I've basically done some transformations on
FreeBSD's nullfs and done a diff to know what I have to do on NetBSD.
It's not clear to me if I need to include the vnops createvobject,
destroyvobject, getwritemount, and rename, as they do not exist in
nullfs (which is what I'm basing the templates on).  Can these
operations even be called in NetBSD?

3) TCFS - the latest of the three.  Also a stackable file system layer.
I have been unable to contact the authors as the email address on the web
page bounces.  Unfortunately, it is distributed as files you untar over
/usr/src, and it is relative to some NetBSD version circa 2000-04-26 which
is well before anything on the NetBSD FTP site, so I cannot make diffs.
Some of the changes are obviously in conflict with later NetBSDs.

4) Others include rubberhose (no NetBSD support yet), StegFS (Linux only),
encrypted loopback type devices (Linux and OpenBSD), BestCrypt (Linux).

I am thinking of trying TCFS.  I am currently on a moderately old
NetBSD and unsure whether I should integrate it into my older
NetBSD, later upgrade and repeat the process using what I learned the first
time, or update to 1.6.1 (or -current) first and integrate afterwards.

Anyway, after I do all of this I was wondering if we could incorporate
them into NetBSD.  This is a real pain and should not have to be done
repeatedly.  There's no good documentation on "how to write a stackable
file layer" that I have found.  Plenty on how they work, but none oriented
towards doing it.

Tips?  Comments?  Suggestions?